On Friday 24 April 2009 12.27.50 you wrote: > On Fri, Apr 24, 2009 at 3:38 AM, LEVAI Daniel <l...@ecentrum.hu> wrote: > > On Friday 24 April 2009 09.28.34 you wrote: > >> omg we have finger print reader support??? ! > >> > >> I installed the port and I'm playing with it. Can you post your full > >> config? The login_fingerprint docs are short on the troubleshooting. I > >> can enroll my fingers and I've got su asking me for finger swipes but > >> whenever I do it says "invalid swipe" or "login incorrect". > > > > You need to enroll_fingerprint(8) as the target (root) user too, so root > > will have a ~/.fprint directory too. > > When I say "su" I actually meant I'm running "su $USER". Then you must run enroll_fingerprint as $USER, to make the $USER_HOMEDIR/.fprint/ directory and the corresponding files.
> > >> I see the same result as you with sudo. Annoying. Sudo must not be > >> feeding it correctly right, but perhaps login_fingerprint is expecting > >> wrongly. > >> > >> It would be a neat gimmick if we could get this working! > > > > I just followed /usr/local/share/doc/login_fingerprint/README: > > $ enroll_fingerprint -f 7 > > It has populated a ~/.fprint/ dir with the scanned fingerprint, and after > > the login.conf modify I could login on the console and do `su`. Only sudo > > seems to need the '-apasswd' option to force it to use the passwd auth > > type instead of the -fingerprint type. But grepping thru sudo's source I > > couldn't find this error message anywhere :\ > > > > My modifications in login.conf is only the following: > > --- /var/backups/etc_login.conf.backup Thu Apr 16 16:06:00 2009 > > +++ /etc/login.conf Thu Apr 23 17:15:23 2009 > > @@ -23,7 +23,8 @@ > > # > > > > # Default allowed authentication styles > > -auth-defaults:auth=passwd,skey: > > +auth-defaults:auth=-fingerprint,passwd,skey:\ > > + :x-fingerprint=7: > > > > # Default allowed authentication styles for authentication type ftp > > auth-ftp-defaults:auth-ftp=passwd: > > I followed the README too but it told me to add this: > # > # The fingerprint login class allows the fingerprint and passwd > # authentication methods and checks your 7th (right index) finger. > # > > fingerprint: > :auth=-fingerprint,passwd:\ > :x-fingerprint=7:\ > :tc=default: > I've done the same thing except I've added this to the default class, so I don't have to change the already made classes (which are including "auth-defaults"). > and I had to do "sudo usermod -L fingerprint $USER" to get "su $USER" > to start asking me to swipe. Do we maybe have different versions (I > should probably shyly mention here that I'm on -CURRENT right now)? I'm using -current too, but in this case it doesn't matter; the login classes we use are not the same, but that's all. > Why are we writing "-fingerprint" instead of "fingerprint"? > login.conf(8) is hazy on what this means. It doesn't seem to matter > espcially which is chosen. man login.conf: Local authentication styles may be added by creating a login script for the style (see below). To prevent collisions with future official BSD Authentication style names, all local style names should start with a dash (-). ^^^ That is why the -fingerprint; also: # ls -l /usr/libexec/auth/ [...] login_-fingerprint [...] > I suspect my problem is a driver issue. I have a 1600 chip (as linux > tells me... dunno why OpenBSD) but the driver is written for 1610 > chips. Until I can at least use su with my finger I'm not sure I can > help you. What does `ls -lR /home/$USER/.fprint/` tells you? Do you have the proper scanned fingerprints there? Do you have the $USER in the fingerprint class (if you've followed the README file with login_fingerprint)? Daniel -- LIVAI Daniel PGP key ID = 0x4AC0A4B1 Key fingerprint = D037 03B9 C12D D338 4412 2D83 1373 917A 4AC0 A4B1